IMPACT
======
Xen guests may be able to infer the contents of arbitrary host memory,
including memory assigned to other guests.
VULNERABLE SYSTEMS
==================
Systems running all versions of Xen are affected.
MITIGATION
==========
There is no mitigation for SP1 and SP2.
RESOLUTION
==========
There is no available resolution for SP1 or SP3.
For those unaware - this is a hardware fault. CPUs make use of speculative execution (Spectre) or Pipelines (Meltdown) - both of which can be used to attempt to access illegal memory. The access fails, however, it's possible to use the "stolen" memory before the access-fail is enforced in a way that makes it available on a side-channel (cache in these exploits, but could be anything else like ports/dma) to any non-privileged process.
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscribe@googlegroups.com.
> To post to this group, send email to qubes...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ade43b3a-8050-df93-aa7c-d595cbb1a7cc%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to a topic in the Google Groups "qubes-devel" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/qubes-devel/oHk1o2rsX60/unsubscribe.
To unsubscribe from this group and all its topics, send an email to qubes-devel+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/E1eXV6A-0005bR-Bu%40rmmprod07.runbox.